Avoid leaks on gss_accept_sec_context errors

Avoid leaks on gss_accept_sec_context errors

Failure handling during the postprocessing of
mech->gss_accept_sec_context was inconsistent.  In one case we delete
the output token but leave the partly-constructed context present in
*context_handle (violating RFC 2744 if this is the first call); in
other cases we leave the output token in the caller's buffer but do
destroy the partly-constructed context.  Make this more consistent by
always destroying the output token and partly-constructed context.
(RFC 2744 prefers, but does not require, leaving the
partly-constructed context present on error if it was present on
entry.  At the moment we are ignoring that preference.)

[ghudson@mit.edu: Rewrote commit message with more details]